Microsoft Says Iranian Hackers Exploiting Zerologon Vulnerability (Security News, October 2020)
The Iran-linked threat actor known as MuddyWater is actively targeting the Zerologon vulnerability in Windows Server, Microsoft warns.
According to Microsoft, one of the latest changes in the group's tactics is the adoption of exploits for Zerologon, a Netlogon remote protocol vulnerability that was addressed in August 2020.
"MSTIC has observed activity by the nation-state actor MERCURY using the CVE-2020-1472 exploit in active campaigns over the last 2 weeks. We strongly recommend patching," Microsoft said on Twitter.
Microsoft has said that the fix for this vulnerability is being rolled out in two stages.
Last week, Microsoft also announced that the exploitation of Zerologon is now being detected by Microsoft Defender for Identity and Microsoft 365 Defender.
Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
---|---|---|---
2020-08-17 | CVE-2020-1472 | Use of Insufficiently Random Values vulnerability in multiple products. An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). | 5.5